Hacking JWT Tokens: By Bruteforcing Weak Signing Key

This is a way of hacking JWT tokens that were signed using weak keys. We will use John the Ripper to determine the correct signing key!

JWT tokens Introduction

JSON Web Token (JWT) is an open standard that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret with the HMAC algorithm....

January 2, 2024 · 4 min · Ankur Patil